/**
 * isTokenValid() must return true for a submitted token that matches the
 * token held in session storage.
 *
 * Storage is mocked: hasToken() reports true and getToken() hands back the
 * stored value, and each of the two is expected to be called exactly once.
 */
public function testIsTokenValidWithValidToken()
 {
     // Fixture as a client would submit it: two base64 segments joined by ':'.
     // NOTE(review): presumably a masked form of the stored token; CsrfToken
     // itself is not visible here, so confirm against its implementation.
     $submitted = new \OC\Security\CSRF\CsrfToken('XlQhHjgWCgBXAEI0Khl+IQEiCXN2LUcDHAQTQAc1HQs=:qgkUlg8l3m8WnkOG4XM9Az33pAt1vSVMx4hcJFsxdqc=');
     $storedValue = '/3JKTq2ldmzcDr1f5zDJ7Wt0lEgqqfKF';

     $storage = $this->storageInterface;
     $storage->expects($this->once())
         ->method('hasToken')
         ->willReturn(true);
     $storage->expects($this->once())
         ->method('getToken')
         ->willReturn($storedValue);

     $verdict = $this->csrfTokenManager->isTokenValid($submitted);

     // Strict check: the result has to be the boolean true, not merely truthy.
     $this->assertTrue($verdict);
 }
Example #2
 /**
  * A request whose only token is an invalid HTTP_REQUESTTOKEN value must not
  * pass the CSRF check.
  *
  * The token values come from invalidTokenDataProvider, which is defined
  * outside this excerpt.
  *
  * @dataProvider invalidTokenDataProvider
  * @param string $invalidToken
  */
 public function testPassesCSRFCheckWithInvalidToken($invalidToken)
 {
     // The token is supplied only through the server variables, so neither
     // the GET nor the POST lookup can satisfy the check.
     $requestVars = ['server' => ['HTTP_REQUESTTOKEN' => $invalidToken]];
     $constructorArgs = [
         $requestVars,
         $this->secureRandom,
         $this->config,
         $this->csrfTokenManager,
         $this->stream,
     ];

     // Partial mock: only getScriptName() is doubled, so the real
     // passesCSRFCheck() implementation is what gets exercised.
     $builder = $this->getMockBuilder('\\OC\\AppFramework\\Http\\Request');
     $builder->setMethods(['getScriptName']);
     $builder->setConstructorArgs($constructorArgs);
     /** @var Request $subject */
     $subject = $builder->getMock();

     // The manager is told to reject exactly the token built from the input.
     $expectedToken = new CsrfToken($invalidToken);
     $this->csrfTokenManager
         ->expects($this->any())
         ->method('isTokenValid')
         ->with($expectedToken)
         ->willReturn(false);

     $passed = $subject->passesCSRFCheck();
     $this->assertFalse($passed);
 }
Example #3
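 /**
  * Checks whether the request carries a CSRF token that the token manager accepts.
  *
  * The token is taken from the first of these that is set: the `requesttoken`
  * query parameter, the `requesttoken` POST field, the `HTTP_REQUESTTOKEN`
  * server entry. The check fails closed: a missing token manager, a missing
  * token, or a token that is not a string all yield false.
  *
  * @return bool true if CSRF check passed
  */
 public function passesCSRFCheck()
 {
     // Without a token manager nothing can be verified, so deny.
     if ($this->csrfTokenManager === null) {
         return false;
     }
     if (isset($this->items['get']['requesttoken'])) {
         // NOTE(review): a token sent in the query string can end up in access
         // logs, browser history and Referer headers; clients should prefer
         // the POST field or the request header.
         $token = $this->items['get']['requesttoken'];
     } elseif (isset($this->items['post']['requesttoken'])) {
         $token = $this->items['post']['requesttoken'];
     } elseif (isset($this->items['server']['HTTP_REQUESTTOKEN'])) {
         $token = $this->items['server']['HTTP_REQUESTTOKEN'];
     } else {
         //no token found.
         return false;
     }
     // Request parameters are caller-controlled, and PHP parses
     // `requesttoken[]=...` into an array. Reject anything that is not a
     // string instead of handing an unexpected type to CsrfToken and the
     // token manager (neither is visible in this excerpt).
     if (!is_string($token)) {
         return false;
     }
     $token = new CsrfToken($token);
     return $this->csrfTokenManager->isTokenValid($token);
 }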